Unfortunately building a Galaxy Interactive Environment (GIE) isn’t completely straightforward, and it’s
certainly not as simple as picking out an existing container and plugging it
in. Here we’ll go through build a “Hello, World” GIE which just displays a file
from a user’s history.

We’ll use the variable {gie} to stand in for the name of your GIE. It
should match [a-z]+, like jupyter or rstudio. Here you can see the
config/ directory with a {gie}.ini.sample providing docker and image
configuration, and then {gie}.xml which outlines that it is a GIE.

The static directory can hold resources such as javascript and css files. If
you are actively developing a GIE, you’ll need to restart Galaxy after adding
any resources to that file, before they can be accessed in the browser.

Lastly, and most importantly, there’s the templates folder. This normally just
contains {gie}.mako, however the Jupyter file needs an extra template file.

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE interactive_environment SYSTEM "../../interactive_environments.dtd"><!-- This is the name which will show up in the User's Browser --><interactive_environmentname="HelloWorld"><data_sources><data_source><model_class>HistoryDatasetAssociation</model_class><!-- here you filter out which types of datasets are appropriate for this GIE --><testtype="isinstance"test_attr="datatype"result_type="datatype">tabular.Tabular</test><testtype="isinstance"test_attr="datatype"result_type="datatype">data.Text</test><to_paramparam_attr="id">dataset_id</to_param></data_source></data_sources><params><paramtype="dataset"var_name_in_template="hda"required="true">dataset_id</param></params><!-- Be sure that your entrypoint name is correct! --><entry_pointentry_point_type="mako">helloworld.mako</entry_point></interactive_environment>

Once this is done, we can set up our INI file, config/helloworld.ini.sample which controlls docker interaction

[main]# Unused[docker]# Command to execute docker. For example `sudo docker` or `docker-lxc`.#command = docker {docker_args}# The docker image name that should be started.image=hello-ie# Additional arguments that are passed to the `docker run` command.#command_inject = --sig-proxy=true -e DEBUG=false# URL to access the Galaxy API with from the spawn Docker container, if empty# this falls back to galaxy.ini's galaxy_infrastructure_url and finally to the# Docker host of the spawned container if that is also not set.#galaxy_url =# The Docker hostname. It can be useful to run the Docker daemon on a different# host than Galaxy.#docker_hostname = localhost

We’ve named our image hello-ie, we’ll get to creating that in a minute.

Mako templates are very easy to use, and they allow significantly more
flexibility than many other templating languages. It’s because of this
flexibility (and ability to write plain python code in them) that GIEs were
possible to develop easily.

In our templates/helloworld.mako, we’ll add the following

<%namespacename="ie"file="ie.mako"/>

This line says to inherit from the ie.mako file that’s available in
$GALAXY_ROOT/config/plugins/interactive_environments/common/templates/ie.mako.
Next we’ll add the following

<%# Sets ID and sets up a lot of other variablesie_request.load_deploy_config()# Define a volume that will be mounted into the container.# This is a useful way to provide access to large files in the container,# if the user knows ahead of time that they will need it.user_file=ie_request.volume(hda.file_name,'/import/file.dat',how='ro')# Launch the IE. This builds and runs the docker command in the background.ie_request.launch(volumes=[user_file],env_override={'custom':'42'})# Only once the container is launched can we template our URLs. The ie_request# doesn't have all of the information needed until the container is running.url=ie_request.url_template('${PROXY_URL}/helloworld/')%>

That mako snippet loaded the configuration from the INI files, launched the
docker container, and then built a URL to the correct endpoint, through the
Galaxy NodeJS proxy. Additionally we’ve set an environment variable named CUSTOM with the value 42 to be passed to the container, and we’ve attached the dataset the user selected (available in hda) to the container as a read-only volume.

We’ll continue appending to our helloworld.mako the HTML code that’s actually displayed to the user, when this template is rendered

<html><head><!-- Loads some necessary javascript libraries. Specifically jquery, toastr, and requirejs -->${ie.load_default_js()}</head><body><scripttype="text/javascript">// see $GALAXY_ROOT/config/plugins/interactive_environments/common/templates/ie.mako to learn what this does${ie.default_javascript_variables()}varnotebook_login_url='unused';varnotebook_access_url='${notebook_access_url}';// Load code with require.js${ie.plugin_require_config()}// Load notebook// This will load code from static/helloworld.js, often used to handle// things like Login. The load_notebook function will eventually append// an IFrame to the <div id="main" /> below.requirejs(['interactive_environments','plugin/helloworld'],function(){load_notebook(notebook_access_url);});</script><divid="main"width="100%"height="100%"></div></body></html>

We’ve glossed over some of the features of this file, but most IEs do a significant amount of “magic” in the top half of the mako template. For instance, the Jupyter notebook:

If the user is trying to run the Jupyter GIE Visualization on an existing notebook in their history, then that gets loaded into the docker container via the temp directory and set as the default notebook

Otherwise a default notebook is built for the user.

The RStudio notebook:

generates a random password and configures the image to use this password

With the mako template above finished, if you were to load this in your
browser, not a lot would happen because we haven’t built the hello-ie image,
and we haven’t used Javascript to connect the user with the container. In the
tail end of the template, we set a variable notebook_access_url. These are
partially a legacy of how things used to be done and you’re welcome to clean up
your code according to your desires. Galaxy’s NodeJS proxy handles the
authentication of users, so you don’t have to worry about it, and can just
assume that only the correct user will have access to a given notebook.

In the static/ directory, we generally create a js/ directory below that, and create a {gie}.js (so, static/js/helloworld.js) file in there. That file will have a function, load_notebook which will check if the GIE is available, and when it is, display it to the user.

We start by writing the load notebook function, which is pretty generic

// Load an interactive environment (IE) from a remote URL// @param {String} notebook_access_url: the URL embeded in the page and loadedfunctionload_notebook(notebook_access_url){// When the page has completely loaded...$(document).ready(function(){// Test if we can access the GIE, and if so, execute the function// to load the GIE for the user.test_ie_availability(notebook_access_url,function(){_handle_notebook_loading(notebook_access_url);});});}

This function will display a spinner to the user to indicate process, and then make multiple requests to notebook_access_url. That MUST return a 200 OK for the _handle_notebook_loading function to ever be called. 302s do not count!

With that, we’ve almost completed the Javascript portion, just need to implement the function to display the GIE to the user in an iframe

This function is very short. Historically, the GIE process involved a complex dance of:

generating a random password in the mako template

setting it as a javascript variable

passing it to the docker container

once the container was available, have the javascript automatically log a
user in (something browsers try to prevent since that’s otherwise an XSS
vulnerability.)

hope everything worked

Since the NodeJS proxy takes care of authentication/authorization, we can
reduce the helloworld _handle_notebook_loading function to a simple
append_notebook call. You may wish to look at the Jupyter and RStudio GIEs
for examples of the complex things that can be done at every step.

We’ll build a simple container that just displays the dataset a user has
selected to them. Remember when we attached a volume to the container? We’ll
make use of that now.

GIE Containers (often) consist of:

Dockerfile

NGINX Proxy configuration

A custom startup script/entrypoint

A script to monitor traffic and kill unused containers

We have to monitor the container’s traffic and kill off unused containers,
bceause no one is watching them. The user launches the container in Galaxy, and
Galaxy immediately forgets the container exists. Thus, we say that if a
container has no connections to TCP connections to itself, then it should
commit suicide by killing the root process.

Here’s an example Dockerfile for our helloworld container

FROM ubuntu:14.04# These environment variables are passed from Galaxy to the container# and help you enable connectivity to Galaxy from within the container.# This means your user can import/export data from/to Galaxy.ENV DEBIAN_FRONTEND=noninteractive \API_KEY=none \DEBUG=false\PROXY_PREFIX=none \GALAXY_URL=none \GALAXY_WEB_PORT=10000\HISTORY_ID=none \REMOTE_HOST=none
RUN apt-get -qq update &&\
apt-get install --no-install-recommends -y \
wget procps nginx python python-pip net-tools nginx
# Our very important scripts. Make sure you've run `chmod +x startup.sh# monitor_traffic.sh` outside of the container!ADD ./startup.sh /startup.shADD ./monitor_traffic.sh /monitor_traffic.sh# /import will be the universal mount-point for Jupyter# The Galaxy instance can copy in data that needs to be present to the# containerRUN mkdir /import
# Nginx configuration
COPY ./proxy.conf /proxy.conf
VOLUME ["/import"]WORKDIR /import/# EXTREMELY IMPORTANT! You must expose a SINGLE port on your container.EXPOSE 80CMD /startup.sh

The proxy configuration is interesting, here we’ll point NGINX to reverse proxy
a service running on :8000 inside the container. That port will be hosting
a python process which serves up the directory contents of /import, i.e.
the file the user selected which was mounted as a volume into
/import/file.dat

#!/bin/bash# First, replace the PROXY_PREFIX value in /proxy.conf with the value from# the environment variable.
sed -i "s|PROXY_PREFIX|${PROXY_PREFIX}|" /proxy.conf;# Then copy into the default location for ubuntu+nginx
cp /proxy.conf /etc/nginx/sites-enabled/default;# Here you would normally start whatever service you want to start. In our# example we start a simple directory listing service on port 8000cd /import/ && python -mSimpleHTTPServer &# Launch traffic monitor which will automatically kill the container if# traffic stops
/monitor_traffic.sh &# And finally launch nginx in foreground mode. This will make debugging# easier as logs will be available from `docker logs ...`
nginx -g 'daemon off;'

Lastly, our monitor_traffic.sh file is often re-used between containers, the only adjustment being the port that is looked at

-d runs the container in daemon mode, it launches and the client
submitting the container finished

-P randomly assigns an unused port to the container for each EXPOSE``dportfromour``Dockerfile. This is why you must expose a port, and only
one port.

A large number of environment variables are set:

The user’s API key is provided, allowing you to access datasets and
submit jobs on their behalf. If you have an environment like
Jupyter/RStudio, it is highly recommended that you provide some magic
by which the user can use their API key without embedding it in the
notebook. If you do embed it somehow in a document that gets saved to
their history, anyone can impersonate that user if they get a hold of it.
In the Jupyter GIE we have a variable that just runs
os.environ.get('API_KEY') to avoid embedding it in their notebook.

A CORS Origin is provided for very strict servers, but it may be easier
to simply void CORS requirements within the nginx proxy in your
container.

Custom variables specified in your launch() command are available

A DEBUG environment variable should be used to help admins debug
existing containers. You should use it to increase logging, not cleanup
temporary files, and so on.

GALAXY_PASTER_PORT (deprecated) and GALAXY_WEB_PORT are the raw
port that Galaxy is listening on. You can use this to help decide how to
takl to Galaxy.

GALAXY_URL is the URL that Galaxy should be accessible at. For
various reasons this may not be true. We recommend looking at our
implementation of galaxy.py
which is a small utility script to provide API access to Galaxy to get
and fetch data, based on those environment variables.

The HISTORY_ID of the current history the user is on is provided. In
the Jupyter/RStudio containers, we provide a dead simple method for users
to download datasets from their current history which will be visible to
them on the right hand side of their screen.

A PROXY_PREFIX is provided which should be used in the nginx conf.

REMOTE_HOST is another component used to test for a possible Galaxy
access path

The user’s email is made available, very convenient for webservices like
Entrez which require the user’s email address. You can pre-fill it out
for them, making their life easier.

Two volumes are mounted, one a temporary directory from Galaxy (rw), and one
the dataset the user selected (ro).

and finally the image is specified.

Most of this information is usually required to build friendly, easy-to-use
GIEs. One of the strong points of GIEs is their magic interaction with Galaxy.
Here we’ve mounted a volume read-only, but in real life you may wish to provide
connectivity like Jupyter and RStudio provide, allowing the user to load
datasets on demand for interactive analysis, and then to store analysis
artefacts (and a log of what was done inside the container, à la Jupyter’s
“notebooks”) back to their current history.

If everything went well, at this point you should see a directory listing show up:

If you find yourself encountering difficulties, the “Hello, World” IE is
available in a GitHub repo, and there are people on the IRC channel who can help debug.